Back to search
Vulnerability Lead
Manchester/Hybrid (On site once per month)
60K -65K
A Vulnerability Lead is required for our client who are based in Manchester. The successful candidate will support in defending the organisation's systems by detecting weaknesses in digital assets and will take action to correct and strengthen security. You will work within the Defence and Availability Centre (DAC) - the combined Security Operations Centre (SOC) and Network Operations Centre (NOC). The Vulnerability Lead will be responsible for providing operational leadership of all aspects of vulnerability management.
Responsibilities:
- Complete day-to-day technical activities to identify, assess, categorise, prioritise, remediate, and manage vulnerabilities across digital assets and environments.
- Validate vulnerability alerting by working across the teams to understand business impacts.
- Produce threat informed vulnerability reports and assessments that identify technical and procedural findings and provide recommended remediation strategies/solutions.
- Prioritise, lead and co-ordinate vulnerability activities, such as monitoring and configuring scans.
- Co-ordinate and prioritise the delivery of vulnerability management programme, including specifically identification, remediation and the monitoring of our performance and progress.
- Use automated approaches and methodologies to enable more efficient and effective team processes.
- Co-ordinate and lead the vulnerability meetings, workshops and forums.
- Conduct regular reviews and fine-tuning of vulnerability management processes.
- Analyse organisation's cyber defence policies and configurations and evaluate compliance with regulations.
- Work with technical colleagues, suppliers, and external companies. Identify where vulnerability capabilities can be continuously improved.
Essential Skills:
- Significant practical experience as vulnerability analyst/lead working within the Cyber Operations domain; this is not an entry level role.
- Strong knowledge of, vulnerability management practices, and relevant regulations (e.g., GDPR, NIST, ISO 27001, etc.).
- Practical 'hands on' knowledge and experience, working with vulnerability management platforms.
- Extensive experience of writing vulnerability reports and assessments.
- Proven experience of providing excellent customer service ensuring the needs of internal and external customers are me.
- Understanding of the Cyber Kill Chain and MITRE ATT&CK techniques, supported by familiarity with common and the latest forms of malware.
- Experience working within hybrid infrastructure environments, consisting of on premises and cloud; PaaS, SaaS, IaaS services, with a focus on Microsoft Azure.
Desirable criteria:
Relevant industry qualifications and certifications (GSEC, GEVA). Good technical security knowledge based on practical experience, across at least 3 years, including: Microsoft Windows, 365 and Azure technologies, Rapid7, Microsoft Defender for Endpoint.
